Commerce Weekly: Square disrupts, PayPal shrugs

Here are a few stories that caught my attention this week in the commerce space.

The mobile payment war rages on

David Pogue took a look this week at Square’s latest maneuver in the mobile payment race, its Pay With Square app. Pogue says it’s far more disruptive than the simple ability for anyone to accept a mobile credit card payment:

“You walk into a shop or cafe. The cashier knows that you’re on the premises because your name and thumbnail photo appear on his iPad screen. He rings up your items by tapping them on the iPad.

“And now the magic moment: To pay, you just say your name. The cashier compares your actual face with the photo on the iPad’s screen, taps O.K., and the transaction is complete. No cash, no cards, no signatures — you don’t even have to take the phone out of your pocket.”

Writing about taking the app for a spin at a coffee shop in San Francisco, Pogue describes a few hang-ups: merchants have to use an iPad as a cash register and they must enter every item they sell. Another issue concerns Square’s security and actually stems from customers themselves — users are required to upload a photo of themselves to set up a new Pay With Square account, but as the coffee shop cashier told Pogue, “sometimes use pictures of cats or SpongeBob instead of their own photos,” which prevents a visual ID of the customer.

The mobile payment competition isn’t sitting still, however. Pogue also notes that PayPal is working to catch up with Square’s frictionless purchase technology with its own local payment system, PayPal Local. And at the recent VentureBeat MobileBeat conference, PayPal’s vice president of global product Hill Ferguson said he isn’t particularly concerned with Square. John Koetsier reports at VentureBeat: “Though [Square] can facilitate very personal commerce — put it on Bob’s bill — [Ferguson] says it is not going to work very well at Safeway.” Ferguson also acknowledged that PayPal is a “two-click” system, as it doesn’t own the ecosystem “like Google Play or Apple,” but says he sees both companies as “fantastic potential partners, doing highly complementary things.”

X.commerce harnesses the technologies of eBay, PayPal and Magento to create the first end-to-end multi-channel commerce technology platform. Our vision is to enable merchants of every size, service providers and developers to thrive in a marketplace where in-store, online, mobile and social selling are all mission critical to business success. Learn more at x.com.

NFC security hacked at Black Hat 2012

Andy Vuong at the Denver Post took a look at NFC technology this week, its potential uses — including but not limited to mobile payments — and the likelihood of it becoming mainstream in the U.S. Vuong writes that the biggest question concerning NFC’s future may be whether or not Apple will include the technology in its next generation iPhone.

Mohamed Awad, associate product line director for NFC products at Broadcom and a board member of the NFC Forum, told Vuong that he doesn’t think the future of the technology hinges on Apple’s adoption, and he also dismissed security concerns. Vuong reports:

“‘The credit card in your wallet is just magnetically encoded, so anybody with a magnetic reader can read all of your credit card information,’ [Awad] said. ‘On your smartphone, there is a secure element in there, the encryption is much more tight and it’s a much more secure platform.'”

The security concerns, however, may not be so easily discounted. Research consultant Charlie Miller demoed the security gaps at the Black Hat security conference in Las Vegas this week. Meghan Kelly at VentureBeat reports that Miller showed a video in which he closely followed a friend, keeping his hand “awkwardly close to his buddy’s back pocket” in order to hack his phone. Kelly says that though Miller noted the attack was difficult and that the NFC bugs he found are “not too extensive,” he was still able to exploit a bug in the Nokia N9 smartphone. She writes:

“The N9 has a feature in it called ‘pairing,’ which allows the phone to connect to other devices using Bluetooth and NFC. … If a hacker creates a tag that can pair the phone, she can have access to the Bluetooth network and eventually make it into the rest of the phone. Miller demoed the hack and pulled all the data from the phone, including the photos and address book. He also showed that you can send text messages to other phones using the hacked phone, as well as make calls.”

Kelly writes that Millers takeaway for the mobile security community is to “[m]ake phones prompt the user before accepting an NFC connection.”

Visa takes mobile payment to the Olympics

Bill Gajda, Visa’s head of mobile, brought some perspective to the state of mobile payments this week in an interview with Roger Cheng at CNET. Gajda says that though mobile payment experiments are underway, the mode of payment won’t become mainstream in the U.S. for two to three more years. Cheng reports that the issue isn’t only related to hardware and technology hang-ups, but that “Gajda’s more realistic view of the broader acceptance underscores the difficulties in changing long-drilled consumer habits and getting past the comfort level of paying with cash or swiping a credit card.”

“Visa is using the Olympics as an international showcase for mobile payments. The company has hooked up 140,000 payment terminals in London with near-field communication, or NFC, chips that enable the tap-and-pay process. The locations include 5,000 London taxis and 3,000 point-of-sale venues at the Olympics. The company is handing out several thousand Olympic-edition Galaxy S3s to VIPs such as athletes to test out the service.”

Tip us off

News tips and suggestions are always welcome, so please send them along.